What Docker Needs From PaaS: Apprenda's Take

Many observers see the emergence of Docker's container format as disruptive to virtual machine systems. That will be true in some cases; others, not so much. But Docker is also likely to disrupt platform-as-a-service, says Rakesh Malhotra, VP of product at enterprise PaaS vendor Apprenda.

Malhotra has his eye on Docker developments, even though Apprenda is a Microsoft partner and the main PaaS system with built-in Windows and .Net compatibility. In April, Microsoft began hosting Apprenda on its Azure cloud service and linking to enterprise Apprenda users, even though Azure, in its first iteration, was also PaaS and continues to compete with Apprenda. Malhotra is the former product manager for Virtual Machine Manager in Microsoft Systems Center; he spent 10 years as a software executive inside Microsoft.

That makes it all the more impressive that Apprenda has decided to support Docker in a release that will be out before the end of the year. There is no direct equivalent to Linux containers in Windows, so of course Docker doesn't run directly on Windows Server, although Malhotra says Windows APIs can be used to do some container-like things. Apprenda serves Java developers as well, and many Java apps are built to run under Linux.

Apprenda itself has been using Docker "for several months" because Malhotra recognizes that developers like what can be accomplished with it and it's likely to be part of developers' outlook in the future. The developer "momentum and excitement around containers is very real," he tells us.

Virtual machine systems are a tool of IT governance. They come from IT and are good for managing datacenter resources. Developers, however, don't need IT to put their finished code into a Docker container, and that means they can finish their workloads for various runtime scenarios without further intervention by IT.

"Why do developers flock to Docker?" asked Malhotra, then answered his own question: "It's empowering. Instead of meeting with IT for servers and a software stack to run their application, you put it in a container. Developers like to get things done quickly. They're not interested in meetings and other bureaucracy."

Docker changes in some ways the things that developers do, and Apprenda can ease the difficulty of those changes on its PaaS system.

Some existing PaaS systems apply their own packaging and workload preparation as part of the final steps of producing an application on them, Malhotra notes. If they do, it will collide with the strict file format that Docker wants to impose. Apprenda does not do the packaging step. With the future release of Apprenda, Java developers will be able to turn their code over to Docker at the finish line to get a containerized version, capable of being deployed into various clouds or enterprise environments, without further IT or developer configuration.

A container-sensitive PaaS can also play a role in helping either the developers or the target operations group decide how much efficiency they want versus how much isolation and security they need. Linux containers are closer to a bare-metal way of running applications because they don't each require their own version of an operating system; they use the host's. But they're still believed to be less secure than virtual machines.

In the future, a PaaS system will have "a sliding scale" of efficiency versus security, and where the workload falls on that scale will determine whether it will be finished as a container system or a virtual machine, says Malhotra. Because there are fewer barriers between them, an active malicious agent on the same container host might be able to play havoc with other containers. Virtual machines are more severely cordoned off.

"Even the folks at Docker have been good about not over-promising on security. The only thing worse than no security is the illusion of security."

At the same time, containers do away with the overhead associated with virtual machines. They not only don't need a copy of the operating system, they use only the memory they need, as opposed to being overprovisioned for comfortable operation. Because of that, they boot quickly and can be concentrated in the hundreds on four-way x86 servers. Joyent CTO Bryan Cantrill reports running 800 and "could run thousands" at a time.

Containers do other things as well, not all of them efficient in light of the way developers are used to doing things. "There'll be trade-offs," he warns.

For example, if a container connects to multiple services and applications outside itself, a developer may find that shutting one of the services -- say, a database server -- and changing its IP address can jeopardize how the workload will run. The layers of software images in containers want to think of the IP address as immutable, and a whole series of connections may be misaligned if it changes.

What's needed, says Malhotra, re-inserting the possible future role of PaaS into the discussion, is an outside service, like the DNS system on the Internet. The Domain Name System lets the physical location of a website change, but its address remains the same to users. PaaS can do that for containers, and Apprenda hopes to do it for many Docker users in the future.

Private clouds are moving rapidly from concept to production. But some fears about expertise and integration still linger. Also in the Private Clouds Step Up issue of InformationWeek: The public cloud and the steam engine have more in common than you might think. (Free registration required.)

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

How can Apprenda, known for being the Microsoft friendly PaaS for the enterprise, plan to play a role in containerization, a strictly Unix/Linux construct? "We see ourselves as supplying the application server for the cloud," said Rakesh during the interview. That is PaaS is just about developing in the cloud and deploying in the cloud. It's the package of things that allows the application to run in the cloud, with all its dependencies. With that attitude, it's shifting its attention to containers and how its system can work with them..

@Laurianne, here I would like to echo you - frankly speaking I did not see clear points why Apprenda chose Azure? Is it just because Azure is PaaS like Google AppEngine? There must be something more behind but simply I am not able to tell.

Apprenda is PaaS software - not a PaaS. That means we can take a bunch of operating system instances and turn it into a PaaS on the fly. Those operating system instances could be sitting behind the firewall in a customer's datacenter, or can come from public clouds like Azure, or both. When I say both, I mean that a large enterprise can build a private PaaS (using resources from their own datacenters) and then incorporate resources from Azure or any other public IaaS to create a federated, hybrid PaaS instance.

The reason I go into this level of detail is that we didn't "chose" Azure in the sense that you describe. We partnered with Microsoft to create a special solution to deliver a turn-key instance of a hybrid PaaS to customers that want it. Additionally, we have some interesting integrations with things like System Center for managing Apprenda on-premises. Our customers can choose to build a hybrid PaaS using any IaaS provider, including AWS.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.